Description
A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, and Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges can exploit it by manipulating shipment settings to execute arbitrary code.
Remediation
References